Commit graph

425 commits

Author SHA1 Message Date
Orazio
b823737b5a Hide client IPs in the debug log 2019-07-01 15:44:00 +02:00
Orazio
0ad342e007 Fixed typo 2019-07-01 11:36:01 +02:00
Orazio
7a34dd3704 Improve iptables detection 2019-07-01 11:12:46 +02:00
Orazio
95480f3279 Add support for Raspbian Buster 2019-06-26 10:35:56 +02:00
IcedComputer
2e5a344c82
Fixed issue with grabbing hostname
Per comments and recommendations, added the "-s" when grabbing the hostname.  This will ensure uniform performance across various platforms.
2019-06-20 17:37:56 -07:00
IcedComputer
ce9b8dfffc
Leverage the Hostname of the Server
Historic versions leveraged a format of "server_$UUID" to name of the VPN server certificate for X509 verification.  This seems very impersonal.  The new code pulls the existing hostname of the machines and appends the 16 character UUID.  The new format is $hostname_$UUID.

Example:
A machine named "Martian" with a UUID of 1234567890123456 would change from server_1234567890123456 to Martian_1234567890123456
2019-06-19 15:48:46 -07:00
4s3ti
def92ed83d Added support info 2019-06-06 16:59:15 +02:00
4s3ti
dafd3da38c
Merge branch 'master' into test 2019-05-14 00:15:34 +01:00
4s3ti
616c2e24c4 Removed /24, fixed issue template 2019-05-13 23:06:14 +01:00
Calvin Loncaric
1af5c26034
Flush disk writes before reboot
This commit introduces a `sync` call before the install script exits.

The writes that this script does during setup do not reach persistent
storage until the kernel decides to flush them.  The reboot sequence
might drop those pending writes on the floor.  To mitigate that
possibility (but not fully eliminate it), the script now calls `sync`,
which waits until the kernel has flushed its write cache.
2019-05-13 10:26:07 -07:00
Orazio
05d7d84809 Remove reference to a deleted file 2019-05-08 15:29:43 +02:00
Orazio
e26cef1863 Custom certificate duration and more flexible names 2019-05-08 13:01:56 +02:00
Orazio
63d3335f33 Resolved merge conflict 2019-05-03 10:26:56 +02:00
Jorge Frade
b75b36f482
Fix Easy-RSA install
Renamed from EasyRSA-{version}.tgz to EasyRSA-unix-v{version}.tgz
2019-04-10 17:54:31 +01:00
james-lasersoft
bd6a1e10ac
Merge pull request #711 from shian15810/master
Fixed rsyslog deprecated discard from ~ to stop
2019-04-10 00:41:50 -05:00
james-lasersoft
577d662a7c
Merge pull request #704 from Giraffe1966/shallow-clone
Use shallow clone for make_repo and update_repo.
2019-04-10 00:30:29 -05:00
Chuah Chee Shian
4f34bd3303
fixed rsyslog deprecated discard from ~ to stop 2019-04-05 00:39:00 +08:00
Giraffe1966
bbb4b1e4f3
Update easy-rsa version. 2019-03-29 23:34:37 -04:00
Giraffe1966
cc80ca16bb
Use shallow clone for make_repo and update_repo. 2019-03-29 23:15:30 -04:00
Heidenreich
ae934253f9 Updated sed insertion to fix line overwrite 2019-03-11 11:22:31 -04:00
Heidenreich
76ae525c1d updated server.conf path 2019-03-11 10:54:54 -04:00
Alex Heidenreich
9bb82ff372 changed whiptail sizing to use PiVPN variables 2019-03-10 22:35:18 -04:00
Alex Heidenreich
9808234792 Called valid_domain function in SetCustomDomain() 2019-03-10 22:33:20 -04:00
Alex Heidenreich
0cd9e0deb6 Added function valid_domain to check user input of custom domain 2019-03-10 20:06:49 -04:00
Alex Heidenreich
3a0d6b1b47 Fixed server.conf path 2019-03-10 14:02:37 -04:00
Alex Heidenreich
3364f76790 Added procedure to allow users to set custom search domain. 2019-03-10 13:55:14 -04:00
Alex Heidenreich
24db1bc2e2 Initial commit with comment 2019-03-05 11:32:49 -05:00
Orazio
e3f729f260 General fixes and improvements 2019-03-03 10:18:45 +01:00
Orazio
375faa6398 Update install.sh 2018-10-19 22:04:30 +01:00
Orazio
30f8508055 Update install.sh 2018-10-19 22:04:30 +01:00
Orazio
cb169bcb0c Update install.sh 2018-10-19 22:04:30 +01:00
Orazio
dd26662fdf
Update install.sh 2018-10-12 21:06:11 +02:00
Orazio
66a937f04d
Update install.sh 2018-09-04 14:38:21 +02:00
Orazio
f02f57d721
Update install.sh 2018-09-04 12:06:52 +02:00
redfast00
de76940b65
Merge pull request #554 from Giraffe1966/issue-552
Fix issue #552 (remove dead code)
2018-08-15 21:17:33 +02:00
redfast00
18bfa927da
Fix typo, fix #429 2018-08-15 21:15:24 +02:00
redfast00
da33c83ac4
Merge pull request #582 from alexisespinosa/master
Create TWO_POINT_FOUR file when running unattended
2018-08-15 20:30:25 +02:00
redfast00
028805211e
Merge pull request #562 from marvinlehmann/master
Use latest DH parameter service API
2018-08-15 20:20:53 +02:00
Alexis Espinosa Perez
a8b3428744 Create TWO_POINT_FOUR file when running unattended 2018-08-15 11:06:12 -05:00
Marvin Lehmann
e4067949d5
Use latest DH parameter service API
More information at https://2ton.com.au/safeprimes/
2018-07-18 23:01:36 +02:00
Giraffe1966
58fcaafcf1
Fix issue #552. 2018-07-02 17:34:26 -04:00
pfg
79d4245edb Fix spacing 2018-05-29 14:19:16 -07:00
pfg
fb604cdc7f Actually do it right 2018-05-29 14:17:55 -07:00
Piero
33e7ef0c91 Several changes 2018-04-02 12:07:58 +02:00
justinamcafee
9749257e08
Updated install.sh
Added support for FamilyShield DNS from OpenDNS/CISCO
2018-03-09 11:32:14 -06:00
Piero
4b47b5aa61 2.4 2018-02-15 10:14:03 +01:00
redfast00
c7dfe6283a
Merge pull request #379 from jellemdekker/fix/remove-excess-code
Removed excess code
2017-12-16 22:07:10 +01:00
Jelle Dekker
9f46f1ef91 Removed call to deleted method. 2017-10-11 22:55:58 -05:00
cfcolaco
89a928e7c4 fixed (more) Typos and sentences 2017-10-08 20:10:57 +01:00
cfcolaco
664087bf92 fixed typo 2017-10-08 19:47:30 +01:00
cfcolaco
c1918417d6 added support to Stretch, removed useless code, added info about stretch support 2017-10-08 18:27:43 +01:00
cfcolaco
29a5dbb22b Revert "Revert "Added support to Stretch, Fixed some texts, Removed some lines for testing pruposes""
This reverts commit 6e8d6d24b5.
2017-10-08 13:19:01 +01:00
cfcolaco
6e8d6d24b5 Revert "Added support to Stretch, Fixed some texts, Removed some lines for testing pruposes"
This reverts commit 2626127be1.
2017-10-08 13:08:57 +01:00
cfcolaco
2626127be1 Added support to Stretch, Fixed some texts, Removed some lines for testing pruposes 2017-10-08 12:54:24 +01:00
cfcolaco
a5258d9f3c Merging master comits into testing 2017-10-08 11:26:42 +01:00
Jelle Dekker
14b13d3a41 Removed the previously commented-out code. 2017-09-23 19:17:35 -05:00
redfast00
a8deeaf18b Merge pull request #363 from jellemdekker/fix/improve-dh-selection-menu
Improved encryption strength selection menu
2017-09-24 01:16:33 +02:00
redfast00
009e4b3023 Merge pull request #362 from jellemdekker/feature/randomize-server-name
Randomize server Common Name for added security
2017-09-24 01:13:34 +02:00
redfast00
003b27362f Merge pull request #361 from jellemdekker/feature/generate-crl-during-installation
Generate and activate CRL during installation
2017-09-24 01:12:05 +02:00
Jelle Dekker
c81e793c6c Removed punctuation in list items. 2017-09-23 15:16:06 -05:00
Jelle Dekker
f5c05715de Added sudo -E. 2017-09-23 14:35:46 -05:00
Jelle Dekker
4e77245a97 Commented out code related to adding a route to the remote subnet (e.g. 192.168.0.0). 2017-09-22 16:03:38 -05:00
Jelle Dekker
7b6a358779 Modified the messages when PiVPN installation completes and client profiles are generated, so the user knows to generate a client profile per each device he/she wants to connect to the VPN with. 2017-09-22 14:11:23 -05:00
Jelle Dekker
30920115b3 Implemented that a Certificate Revocation List is generated during installation after generation of other Public Key Infrastructure. Enabled this CRL in the server config. The added benefit of this is that whenever the user now revokes a client, the change is instant. Whereas before, the first time a client was revoked, the OpenVPN server had to be restarted to enabled the then-newly-generated CRL. This change also makes the file /etc/pivpn/REVOKE_STATUS obsolete.
Documentation: https://openvpn.net/index.php/open-source/documentation/howto.html#revoke
2017-09-22 02:46:52 -05:00
Jelle Dekker
8910545d90 Fixed a couple of typos. 2017-09-22 02:17:53 -05:00
Jelle Dekker
d1652a03b1 The SERVER_NAME variable is used in a 'verify-x509-name' check to allow the client to verify it is talking to the correct server. However, its value was always equal to 'server'. This wasn't unique for each installation and therefore provided no additional safety check. So I've modified it to be random for each installation of PiVPN. Additionally, the variable is now actually being used when specifying the server name in the build-server-full command.
Source for obtaining a random UUID (thank you): Earthgecko (https://gist.github.com/earthgecko/3089509)
2017-09-21 14:39:16 -05:00
Jelle Dekker
7cf5c19789 Changed the display order of the DH options (default value is still 2048 bits) and added a warning for 1024 bits. 2017-09-20 23:24:57 -05:00
cfcolaco
fbec57d1fd changed to new openvpn repos 2017-06-29 12:03:47 +01:00
David Quattlebaum
5c4a51b695 Final testing passed
Changes:
- Document that Devuan is supported.
- Use special PLAT name, Raspvuan for Pi version
- Use service command for any *vuan PLAT, systemd is no on any
Devuan.
- add net-tools to PIVPN_DEPS
2017-06-06 18:27:23 -04:00
David Quattlebaum
2eb11cad0c changes for devuan
- To simplify further additions to PLAT or OSCN, use
the case command for checking

- Treat Devuan as Debian

- Add /sbin:/usr/sbin to PATH before calling ifconfig

- Ensure net-tools is installed so we have ifconfig
2017-06-04 16:18:26 -04:00
Jelle Dekker
d5f0a81f80 Clearly indicate that a user selects a list item with the space bar. 2017-04-17 15:49:52 +02:00
EWouters
ff97f40ecf Fix: mkdir: cannot create directory ‘/home/$pivpnUser/ovpns’: File exists 2017-03-22 13:47:55 +13:00
EWouters
cd4d13691d fixed check for when both nopass and a password argument are passed to the script 2017-03-16 22:25:17 +13:00
EWouters
27c34aa297 Removed -p flag to create home dir
As described in #165 ( fc14664) it is not desirable.
2017-03-15 17:24:42 +13:00
EWouters
75b7995a87 Removed SERVER_NAME parameter
because it is hardcoded as "server" in other scripts
2017-03-15 02:40:39 +13:00
EWouters
277a212a8f tabs to spaces 2017-03-14 15:39:53 +13:00
EWouters
097145392c set -e and set +e around line 800 to 815
I am not sure why this statement does not work with -e. We can also
remove the set -e statement altogether.
2017-03-14 15:39:07 +13:00
EWouters
7315353179 Moved echo to file statements to front, add missing
fixed a typo
replaced tabs with spaces
2017-03-14 15:25:39 +13:00
EWouters
5b5129f1bc fix: cp: cannot stat ‘/tmp/pivpnINT’: No such file 2017-03-14 14:26:22 +13:00
EWouters
2a639e753e Fixed sed command and mkdir if folder exists 2017-03-14 10:48:16 +13:00
EWouters
71021d6ffa Added all parameters, initial testing done 2017-03-13 19:44:29 +13:00
EWouters
5db23185fd Added pi-hole's undocumented flags
UNTESTED!
2017-03-13 17:00:28 +13:00
Kaladin Light
faaabe4c0e Fixes Issue #195 2017-01-28 13:58:10 -05:00
Kaladin Light
dc9924f147 Have debug work without being root 2017-01-27 17:46:34 -05:00
Kaladin Light
5ce48cbaaf Trying to ensure interface is set, maybe related to iptables issues.
If not, we at least will see in pivpnDebug output now.
2017-01-27 15:42:42 -05:00
redfast00
b727fa3970
Fix-189 2017-01-22 12:44:36 +01:00
Kaladin Light
df16e8dd59 Fixes Issue #173 and #174 2016-12-25 18:06:32 -05:00
Kaladin Light
371f339fed Rework things 2016-12-24 00:20:45 -05:00
Kaladin Light
22b5bfef68 Add fix iptables help to debug script (1/2) 2016-12-11 13:36:14 -05:00
Kaladin Light
6b406ffb27 Fix type for moving client script 2016-12-11 10:04:33 -05:00
Kaladin Light
eaf78ab6bb Try to fix apt errors now. If we can't then exit so the user can address. 2016-12-10 00:58:36 -05:00
Bastiaan Nelissen
6e3ad10a80 fixed download location
fixed easy-rsa download location
Conflicts:
	auto_install/install.sh
2016-12-08 18:37:22 -05:00
Bastiaan Nelissen
98d63b7bd0 fixed wget command
wget was targeted to a directory instead of a file
2016-12-08 18:31:43 -05:00
Kaladin Light
07cdc2771b Fix new clients command 2016-12-08 12:18:21 -05:00
Kaladin Light
da5facecbc Add 'pivpn clients' command to show list of connected clients 2016-12-08 11:43:30 -05:00
Kaladin Light
6c456d3b90 Minor fixes for couple issues 2016-12-07 13:03:32 -05:00
Kaladin Light
26152889f6 Testing a failure 2016-12-07 11:55:36 -05:00
Kaladin Light
082200ba7c More adjustments/fixes for easy-rsa3 2016-12-05 15:54:54 -05:00
Kaladin Light
a503fa7f93 Ensure openvpn doesn't install easy-rsa now 2016-12-05 15:35:47 -05:00
Kaladin Light
ff1ade9e9f Bug fixes for easyrsa3 modifications
Cleanup chooseUser function and fix issue with creating a user
password not being set correctly.
2016-12-05 14:55:30 -05:00
Kaladin Light
27e0fa8bb5 Ensure we don't get prompted for confirmation on init-pki 2016-12-05 12:13:09 -05:00
Kaladin Light
0b96cae1a3 Phase 1 (of 3?): Server modifications for easy-rsa3 2016-12-04 00:20:37 -05:00
Kaladin Light
f61b26f669 Small adj 2016-11-22 23:47:09 -05:00
Kaladin Light
083de9336d Can't use nslookup if it isn't installed yet... 2016-11-22 23:18:24 -05:00
Kaladin Light
542bcda9a1 Don't assume user's DNS is their gateway. Use what they have. 2016-11-22 13:23:51 -05:00
Kaladin Light
1cada67979 Don't like the install log, get rid of for now 2016-11-19 16:26:40 -05:00
Kaladin Light
5e29fdf3fb Help debugging with install log 2016-11-19 15:52:13 -05:00
Kaladin Light
7f662ad13d Hopefully Fixes Issue #153 2016-11-18 17:22:36 -05:00
Kaladin Light
cf9f052445 Update to setStaticIPv4 function 2016-11-10 12:25:31 -05:00
Kaladin Light
d844f874a3 Update to getStaticIPv4Settings function 2016-11-10 12:18:17 -05:00
Kaladin Light
b2362ab591 Update to chooseInterface function 2016-11-10 11:13:31 -05:00
Kaladin Light
4516137dca Minor updates to some checks. 2016-11-10 10:51:19 -05:00
Kaladin Light
02bf7c0ad8 Fix apt-get switches to not generate unexpected output 2016-11-09 22:33:21 -05:00
Kaladin Light
6997a0b9a7 Fixes Issue #71:
- Uses network address instead of IP in the push route to avoid warnings
- If a second DNS is not entered, remove second occurence of the dhcp-option DNS
2016-11-09 15:02:40 -05:00
Kaladin Light
67722ca7f4 Once again pi-hole had a more robust stty setup so lets borrow that :) 2016-11-08 12:03:42 -05:00
Kaladin Light
7c64afdc92 Get rows/cols with stty instead of tput 2016-11-07 22:49:00 -05:00
redfast00
6d1f6f6f07
Fixes #142 2016-11-05 14:42:37 +01:00
redfast00
460c575dfc
Now prompts user to create new non-root user if no user is found 2016-10-27 15:45:02 +02:00
redfast00
1cdd5d1494 Cleanup (#111)
* Tab completion for nopass, no further completion after one argument

* Cleaned up install.sh
2016-10-25 20:11:32 +02:00
redfast00
d900efe49b Fix-110: iptables-save now actually saves the iptables 2016-10-23 11:29:46 +02:00
Shaun Grady
1a4e9cdb66 Explain DH param download in greater detail (#129)
* Explain DH param download in greater detail

- Change default from "no" to "yes," since it's perfectly safe more 99%
of users
- Be a bit more specific about what "a long time" means
- Provide a bit of information about the service
- Provide a link to read more about the server

* Revert to defaulting no to downloading DH params
2016-10-22 20:33:42 +02:00
Shaun Grady
b03cb8753f
Randomize DH params fetched from 2ton.com.au
Fetch random DH params from the last 128 generated by 2ton.com.au. This
will reduce the likelihood that multiple installs in short period of
time will share the same DH params.
2016-10-20 16:21:28 -07:00
Miguel Priede
7ac0a3aada Update install.sh for #124
Parenthesis fault...
2016-10-19 06:51:30 +02:00
redfast00
4681cf29fe Whoops, fixed now 2016-10-18 19:30:02 +02:00
0-kaladin
eba2d80bf3 Merge pull request #104 from redfast00/feature/download-dh
Added option to download DH parameters
2016-10-09 21:53:22 -04:00
redfast00
88e980534e
Added option to download DH parameters 2016-10-09 18:37:28 +02:00
redfast00
bee837790a
Fixes #100 2016-10-09 18:27:45 +02:00
Stephen KINGER
ac28a7c3e4 Set default ports as 1194 for UDP and 443 port for TCP 2016-10-09 13:40:19 +02:00
redfast00
cf5ba27a21
Added message about TCP 2016-10-09 12:30:13 +02:00
Stephen KINGER
e541fd39ac Update the unisntall script, OK. 2016-09-28 17:09:04 +02:00
Stephen KINGER
a7c9a35352 /feature/add_tcp_option
Adding a correct tcp option
2016-09-27 14:24:14 +02:00
Kaladin Light
8f09ee9afd Fixes for Debian support 2016-05-25 17:58:08 -04:00
Kaladin Light
3c0d0cb176 Ensure debian and ubuntu get openvpn from the openvpn repo so they don't get an old server version 2016-05-25 17:41:42 -04:00
Kaladin Light
0fbc99e0b7 Fixes for UFW 2016-05-15 23:36:40 -04:00
Kaladin Light
f0d92ab8df Fix raspbian os detection
when doesn't it have lsb-release!?
2016-05-15 21:43:32 -04:00
Kaladin Light
2aad7f3c59 fix minor issue on lsb_release 2016-05-15 17:02:03 -04:00
Kaladin Light
3916acf665 Support reverting UFW changes on uninstall 2016-05-15 16:57:42 -04:00
Kaladin Light
d096335d5f update lsb_release to use hash instead of which 2016-05-15 12:29:05 -04:00
Kaladin Light
5d9580fbdd Adding support for UFW if enabled over raw iptables 2016-05-14 22:42:39 -04:00
Kaladin Light
2f3540b898 Robustize OS Detection.
This is framework needed to support Ubuntu 16.04 which
is coming in a future commit.
2016-05-10 11:49:29 -04:00
Kaladin Light
0277054de1 Ubuntu uses openvpn repo to get newer version and...
clients get two more security parameters to harden connection further and...
hopefully fix use of testing branch and...
why is there no modern Road Rash game, that was the best.
2016-05-07 12:33:52 -04:00
Kaladin Light
dea112f50f Fixes #23, enhance 'pivpn add', minor bug fixes & other enhancements 2016-05-05 21:04:57 -04:00
Kaladin Light
5b6627eaf8 Minor fixes, one for ubuntu only 2016-05-03 12:34:04 -04:00
Kaladin Light
6f7d8092d5 Add call to confUnattendedUpgrades function 2016-05-03 10:34:57 -04:00
Kaladin Light
bf81405d6c Resolves #19 - Implement unattended-upgrade option for users 2016-05-03 10:32:17 -04:00
Kaladin Light
6956fcb99b Implement the "planetahuevo enhancement", IE the ability to
generate a client cert with no password. Run 'pivpn add nopass'
2016-04-30 23:37:27 -04:00
Kaladin Light
6032aa7f2e Give user chance to confirm DNS name. Just in case they fat-fingered. 2016-04-30 16:00:02 -04:00
Kaladin Light
2ee04c6c9b Missed dependency for new 'pivpn add' requirements 2016-04-30 14:40:43 -04:00
Kaladin Light
582e923bc8 Old QA team was fired. New team found this issue
with DNS not being set if you non default and were not root user.
2016-04-29 19:18:05 -04:00
Kaladin Light
c7caf8db35 Init cert values
Clean up encryption list
(don't play in the master branch kids, bad things happen)
2016-04-29 16:59:07 -04:00
Kaladin Light
7076c5990a Minor fix 2016-04-29 16:25:46 -04:00
Kaladin Light
0649c5da66 Closes #17
Cause people cared more than I thought they would.
(and that's a good thing)
2016-04-29 13:18:28 -04:00
Kaladin Light
03190d336f Allow user to pick 4096 key for paranoid mode.
Fixes Issue #18
2016-04-29 10:15:43 -04:00
Kaladin Light
c553311efe Last commit that fixes #10 2016-04-28 21:58:54 -04:00
Kaladin Light
63970e2678 Validate Custom Port input
This is part of Issue #10
2016-04-27 22:13:00 -04:00
Kaladin Light
ca42ff9621 Fixes #13
ubuntu openvpn is < 2.3.4
2016-04-27 20:54:51 -04:00
Kaladin Light
cad82d6dbf Fix testing scenario 2016-04-23 20:35:49 -04:00
Kaladin Light
204011ef0a Give users moar options in client dns.
Level up sed skillz
2016-04-23 18:18:48 -04:00
Kaladin Light
fa60d29aa3 Get install working on ubuntu 2016-04-22 15:16:48 -04:00
Kaladin Light
60ab6c057a More fixes for non-root installs 2016-04-21 12:50:15 -04:00
Kaladin Light
04eb49116f fix for non sudo user install 2016-04-21 12:28:48 -04:00
Kaladin Light
0b50af3ea2 Minor Adjustments 2016-04-21 11:59:18 -04:00
Kaladin Light
9ca5425c26 need to init OVPNDNS 2016-04-21 11:43:28 -04:00
Kaladin Light
3f3ebc48a0 Get install to work as non-root user 2016-04-21 09:37:27 -04:00
Kaladin Light
a9b230d1cb Use modified server cert names in the conf file 2016-04-20 22:43:16 -04:00
Kaladin Light
cc94d11d0b Add some newlines 2016-04-20 20:48:52 -04:00
Kaladin Light
0a06fbd6a8 Fixes 2016-04-20 20:20:52 -04:00
Kaladin Light
3d4a005067 Fix KEY_ALTNAMES
(no idea why this is complaining now...)
2016-04-20 18:00:47 -04:00
Kaladin Light
57a8967b62 Fixes during testing 2016-04-20 17:33:54 -04:00
Kaladin Light
ebdb9f9b1f More certificate name information work 2016-04-20 15:36:27 -04:00
Kaladin Light
719dfef7ae Allow user to set DNS server clients will use 2016-04-20 12:10:06 -04:00
Kaladin Light
6b6536b779 Allow user to change default OpenVPN port 2016-04-20 11:16:50 -04:00
Kaladin Light
4e56c08140 Fix URLs 2016-04-19 21:49:34 -04:00
Kaladin Light
4cfab547e0 Allow user to input certificate values 2016-04-19 19:06:44 -04:00
Kaladin Light
53565dd4fe First commit of reworked installer 2016-04-19 14:01:55 -04:00